Recipe for a Linux 802.11b Home Network

My introduction to wireless networking was right here at O'Reilly Network, where our own Rob Flickenger has set up an 802.11b network spanning the three buildings that house the home offices of O'Reilly & Associates.

The idea of a wireless network was right on my wavelength. "You mean I can get Ethernet-speed web browsing, file transfers, and the whole works -- with nary a cable connection in sight -- from as far away as the coffeehouse across the street? Um, I'll be working from there this morning. IM me if you need me."

Needless to say, it wasn't long before I started thinking about other applications for this technology. I wanted Net access on my notebook computer from anywhere in or near my apartment, too. I started thinking about how I might control my stereo. I envisioned working on my laptop at a little garden table on a beautiful day under a stand of trees on my property, while birds chirp, leaves rustle, a light breeze wafts by, and one of Beethoven's symphonies blares from my window at, say, 80 dB. Freude! Naturally, the IEEE 802.11b wireless networking standard was the logical candidate for a means of implementing this nefarious scheme.

However, OEM wireless "residential gateway" hardware isn't exactly cheap, running into the hundreds of dollars and even thousands before you even start thinking about radios for the portables. And bona fide access points are even pricier. Why go to all that expense, I reasoned, when hardware that's gathering dust in my friends' closets -- hardware that they're not using, and would part with for nothing -- will do the job just as well, with only a little extra effort on my part. People have been using free operating systems to build dedicated firewalls and routers on i386 and i486 machines for years. Why not add wireless?

So I set about about building a wireless gateway using Linux, 802.11b, and an old PC. The project was a stunning success. Doing it right took some research, and a bit of trial-and-error, but it seemed to me that, in the end, the task was straightforward enough that anyone with the right hardware and a little know-how could easily replicate our results. Therefore I've endeavored to produce my "recipe" for an 802.11b gateway for you to follow at home. (It didn't hurt that my manager, Peter, was interested in building one for his house.) Those of you who own the home version of our show should be able to play along.

Ingredients for a wireless gateway:

1 desktop PC, 386 or better. No, really. You can take that 486/50 out of the attic, dust it off, and put it to work. We'll call this machine the "gateway."

1 or more notebook PCs. Each should have at least one free PCMCIA slot. We'll call these machines the "clients."

Two or more 802.11b wireless Ethernet PCMCIA cards. We like the Lucent WaveLAN/ORiNOCO cards, but you can in theory use any 802.11b-compliant card.

One ISA-to-PCMCIA or PCI-to-PCMCIA adapter. This should be suitable for installation on the gateway.

Hardware to set up the link from the gateway to the Internet. This can be a cable modem, DSL, ordinary Ethernet, another wireless link, a satellite downlink, etc. It can even be a modem and a PPP dialup, if you're like me and can't get broadband where you live. In fact, modem-based PPP is what we use in this example.

A Unix-like operating system. We selected Red Hat Linux 6.2 for its ease of installation, but any Unix-like OS (such as Debian Linux, OpenBSD, FreeBSD, etc.) will work just fine, if not better. When our examples refer to Red Hat Linux, feel free to substitute the details of your OS and version of choice.

Directions:

Install the desktop PCMCIA adapter in the desktop PC. Then install one of the wireless cards in the adapter. We'll actually get the radio working in just a bit.

Install Linux on the desktop PC. Getting this accomplished is beyond the scope of this recipe. You might run the Red Hat Update Installer, or apt-get or the equivalent, to make sure your distribution is up to date. In addition to the usual stuff, you'll definitely want to install the following packages:

Firewall software, like ipchains.

A DHCP server, like dhcpd.

An SSH server, if you want to administer the gateway from anywhere but the console. Our gateway was designed to run headless, so it doesn't even have a console. OpenSSH is the SSH package we use, but it's not included in Red Hat 6.2, so we downloaded it from openssh.com.

Download the latest stable revision of your kernel source to the gateway. We decided to use the rock-stable and perfectly serviceable 2.2.18, which can be downloaded from ftp.kernel.org. However, the newer kernels should work just fine.

Enable loadable module support. You'll need this to run the pcmcia-cs modules.

Enable support for your outside network connection. If you have a cable modem or a DSL router, you probably just need the driver for your Ethernet card. If you get DSL straight from a DSL modem, you might also need PPPOE support, which (if you're using 2.2.x) you'll have to get elsewhere and install separately. For a regular analog modem, you'll need to enable the PPP drivers, as well as serial-port support.

Enable kernel firewall support. (For example ipchains or iptables.)

Enable IP masquerading. This is sometimes known as NAT, or Network Address Translation.

Enable Wireless Networking (also known as "non-ham"). However, don't build any of the included modules.

Disable PCMCIA support, if you're compiling a 2.4.x kernel. This may seem a little odd, but the external pcmcia-cs package works a lot better. Trust us.

Build and install the new kernel on the gateway. We assume you've compiled kernels before, and have a pretty good idea how to go about it. If not, read the documentation 'cause it's not too complicated, and this exercise is a good excuse to learn. A quick review:

make dep

make modules

make modules_install

make bzImage or make bzlilo

If you use LILO (which we do), and you prefer to make bzImage and install the kernel by hand (which we did), don't forget to edit /etc/lilo.conf and then run /sbin/lilo (which we also did the first time).

If you really are using a 386, 486, or Pentium as your gateway, and you can network it via broadband to a newer, faster machine, you might profit from compiling the gateway's kernel on the faster machine. Then you can tar up the source tree from the newer PC, copy the tarball over to the gateway, unpack it there, and then perform the make modules_install and the kernel image installation steps. We did this, and it saved us a lot of time and trouble. It's hard to get a sense of how much faster computers really are these days -- until you try compiling a current Linux kernel on a 486 processor with 16 megabytes of RAM, and discover how long you end up waiting for it to finish.

Build and install the pcmcia-cs package on the gateway. This will install kernel drivers for the wireless cards. A quick overview:

make config. Answer the questions. Sensible defaults are provided, and it's normally OK to enable CardBus support even if you don't have 32-bit PCMCIA cards.

make all

make install

Build and install the wireless_tools package. This will provide configuration and diagnostic tools for the 802.11b cards. A simple make suffices to build the package, but, amusingly, the package doesn't come with a make install option (as of this writing, anyway). You'll have to copy the iwconfig, iwpriv, and iwspy binaries to /usr/local/sbin (or wherever you prefer to keep them) by hand. Likewise with the main pages (such as, the .8 files).

Configure the wireless subsystem by editing /etc/pcmcia/wireless.opts. You might work from our sample. Pick an arbitrary string to use as your ESSID, which will uniquely identify your local wireless net, and another string to serve as your WEP (Wired Equivalent Privacy) encryption key. Set the rate to "auto", and the mode to "ad hoc".

Pick an IP subnet to use on the wireless network. You'll have to give the gateway's wireless interface a static address on this net. We'll use the conventional 192.168.1.x private class-C subnet, but any network that will never be a valid Internet subnet such as 10.x.x.x, or 172.16.x.x) will do. Configure PCMCIA networking, by editing /etc/pcmcia/network.opts (sample). For our example, we set the IP address (IPADDR) to 192.168.1.1 and net mask to 255.255.255.0. You may want to flavor these settings to taste.

Configure the external network. We're assuming you've already got outbound connectivity working under Linux. If you have a DSL router or a cable modem, this might be as simple as plugging in the network cable, and setting the boot protocol to in /etc/sysconfig/network-scripts/eth0 to DHCP, or setting the IP address to a static value. If you're using a modem-based PPP link, you'll need to configure PPP in /etc/ppp/options (sample). The PPP how-to document may be of service here. If you're on DSL, but don't have a DSL router, and need to use PPP-over-Ethernet (PPPoE), things get a little trickier, but not much. See the Roaring Penguin PPPoE site for information and downloads.

Install the ipchains package, if it isn't already installed. You'll need to configure it to masquerade packets from your wireless network to the outside. For security's sake, you'll also want to drop packets originating on the external interface (eth0, ppp0, or what have you) that claim to be from the internal wireless network, and maybe even reject TCP SYN connections on the external interface, too. A sample SysV configuration script is available. Once you've edited it to suit, you can plunk it into /etc/rc.d/init.d, and then create "symlinks" in each rc*.d directory, or use chkconfig. If you're running a 2.4.x kernel, you'll want to use iptables instead, but the basic concepts are the same.

Install and configure dhcpd to run on the wireless network. Use the network settings we chose a couple steps ago. The DHCP daemon can be configured by editing /etc/dhcpd.conf (sample). Providing DHCP on your wireless net ensures that you won't have to worry about manually setting IP addresses on each of the notebook machines -- you can just configure them to request an available address from the gateway when they need one.

Turn off all services on the gateway you won't be using. The importance of this step cannot be understated. The Red Hat 6 installation enables by default a lot of services you probably won't need. TURN THEM OFF. Edit the links in your /etc/rc.d/rc*.d directories, or use chkconfig. If you don't know what a service is, or what it does, TURN IT OFF. You can always turn it back on later, if you wind up needing it. Be sure to leave network and PCMCIA services running, as well as ipchains and dhcpd.

Reboot the server, and make sure it boots cleanly. Verify that the PCMCIA services and both network interfaces are functional.

Configure your notebook machines (the "clients"). If you want to run Linux on any of these machines, repeat steps 3 through 10 for each client. You should be able to use the same wireless.opts configuration, but, if you don't, be sure that the ESSID, MODE, and KEY settings are the same on the clients. If you want to run Windows on your notebook, refer to Rob Flickenger's reference on setting it up for 802.11b.

Configure each client to use DHCP to automatically obtain its IP address on the wireless network. In Linux, this is as easy as running pump or dhcpcd. You can set the wireless card to try to obtain a lease via DHCP every time the interface comes up, by setting the DHCP variable to "true" in /etc/pcmcia/network.opts. In Windows, you'll want to turn on the "Obtain IP address automatically" feature on the wireless network interface in the Control Panel, and reboot.

Ta-da! You're on the Net! Season to taste. Serve hot. Bon appétit!

The morning after I set all this up in my home, I found myself reading the news, checking my mail, chatting on AIM, and playing MP3s on the stereo in the living room, all before I got out of bed. (This wireless stuff can be hazardous to your health, eh?)

Furthermore, once you've got this up and running, adding more gee-whiz features is easy. For example, I put a sound card in my gateway box, and connected it to my stereo. Now I can play MP3s from anywhere in the vicinity of my apartment, using an xmms session running on the gateway. One could, as another example, set up ntpd on the gateway, and have the client machines keep their system clocks synchronized wirelessly. The possibilities are almost endless -- if you come up with novel variations, please don't hesitate to let us know. We'd love to hear about them.

The coolest part of this whole project is that it isn't something that might happen next year, or even next month -- it's something you can go out this very afternoon, and put together for the cost of a PCMCIA adapter and a couple of 802.11b cards.

I think we have seen the future, folks, and it is definitely wireless. Here at O'Reilly Network, plans are afoot to mount a volunteer-sponsored community wireless cooperative. Rob and I have begun development on a floppy-based wireless Linux distribution, inspired by the Linux Router Project. We're hoping to plaster Sonoma County with homegrown, community-supported wireless access points. We'll have more to say about that once we really get started, so stay tuned!

Meanwhile, I've been having so much fun with my new wireless gateway that I haven't even had time to go out and price garden furniture.

Schuyler Erle
had nothing to do with the Tunguska explosion of 1908. No, really.